ACIC: Business email fraud victim numbers rise in Australia

In line with trends in the US, the number of Australian victims of business email compromise (BEC) fraud is on the rise.

There were 243 victims of BEC fraud in the first quarter of the 2016-2017 Australian financial year, according to figures in a new report on organised crime by the Australian Criminal Intelligence Commission (ACIC).

There were 749 cases reported in 2015-2016, the first full financial year that ACORN collected data on BEC fraud. The new numbers suggest victim numbers are on the rise.

ACIC didn’t report the value of losses; however, the FBI says BEC fraud has grown into a multibillion dollar threat, affecting tens of thousands of firms around the world.

BEC is a type of phishing that usually involves tricking a target into wiring funds to a fraudster’s account. Fraudsters adopt multiple identities, ranging from the CEO or CFO of a company, to suppliers, a lawyer or any other identity a victim might expect to communicate with in the course of normal business. Over time they’ll convince the victim to wire funds that would normally be paid to a supplier. Often the attackers compromise a target’s email to study patterns of behavior.

It’s considered a low-tech but sophisticated crime as it relies on highly targeted social engineering without necessarily compromising a victim’s network.

The FBI estimates BEC fraudsters have attempted to scam $5.3bn from organizations since 2013. Over 40,000 organizations from 132 nations have been targeted, though actual losses are less than $5.3bn.

Last August Brisbane City Council lost $450,000 to BEC fraudsters after making nine transfers it believed were payments to a professional services supplier.

Facebook and Google were reportedly the victims of a BEC scammer who’d cheated both firms of $100m over two years, posing as Taiwanese hardware maker Quanta Computer.

ACIC’s report classifies BEC fraud as one of the main components of cybercrime, itself one of several serious financial crimes along with card fraud, investment fraud, tax fraud, and superannuation fraud.

The report also identified encryption and encrypted messaging apps as a key enabler of organized crime.

Copyright 2019 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.